Jails and filesystems

[Rob]

Fellow BSDers,

I'm trying to figure out the best layout for multiple jails.

I'd like to share binaries across jails - patches and packages only 
need to be installed once, and it saves a lot of space. So these 
directories would be shared and read-only:
	/bin
	/sbin
	/usr (except /usr/local/etc)
	/var/db/pkg

And these would be private:
	/etc
	/usr/local/etc
	/var (except /var/db/pkg)

The current plan is to move all the shared stuff into /shared, and 
mount it read-only into each jail with nullfs. Then /usr/local/etc is 
moved into /private. This is how it looks inside the jail:

> root at tak /tmp/3569/root # env - /usr/sbin/chroot `pwd` /usr/bin/login 
> -f root
> Last login: Sat Jun 11 09:16:11 on tty??
> Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>         The Regents of the University of California.  All rights 
> reserved.
>
> root at tak ~ # cd /
> root at tak / # ll
> total 27
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 .
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 ..
> -rw-r--r--   1 root  wheel   802 Jan 21 15:46 .cshrc
> -rw-r--r--   1 root  wheel   251 Jan 21 15:46 .profile
> -r--r--r--   1 root  wheel  6117 Jan 21 15:46 COPYRIGHT
> lrwxr-xr-x   1 root  wheel    11 Jun  9 14:38 bin -> /shared/bin
> drwxr-xr-x   3 root  wheel   512 Jan 21 15:46 boot
> drwxr-xr-x   3 root  wheel  1536 Jun  9 14:01 dev
> drwxr-xr-x  16 root  wheel  2048 Jun  9 14:27 etc
> -rw-r--r--   1 root  wheel     0 Jun  9 14:01 kernel
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:37 mnt
> drwxr-xr-x   2 root  wheel  4608 Jun  9 14:01 modules
> drwxr-xr-x   3 root  wheel   512 Jun  9 14:37 private
> dr-xr-xr-x   2 root  wheel   512 Jan 21 15:45 proc
> drwxr-xr-x   2 root  wheel   512 Jun 11 09:12 root
> lrwxr-xr-x   1 root  wheel    12 Jun  9 14:38 sbin -> /shared/sbin
> drwxr-xr-x   6 root  wheel   512 Jun  9 14:47 shared
> drwxrwxrwt   2 root  wheel   512 Jan 21 15:45 tmp
> lrwxr-xr-x   1 root  wheel    11 Jun  9 14:38 usr -> /shared/usr
> drwxr-xr-x  20 root  wheel   512 Jun  9 14:01 var
> root at tak / # ll usr/local var/db
> usr/local:
> total 2
> drwxr-xr-x   2 root  wheel  512 Jun  9 14:38 .
> drwxr-xr-x  14 root  wheel  512 Jun  9 14:26 ..
> lrwxr-xr-x   1 root  wheel   12 Jun  9 14:38 etc -> /private/etc
>
> var/db:
> total 3
> drwxr-xr-x   3 root    wheel  512 Jun  9 14:47 .
> drwxr-xr-x  20 root    wheel  512 Jun  9 14:01 ..
> drwx------   2 root    wheel  512 Jan 21 15:45 ipf
> -rw-r--r--   1 nobody  wheel    0 Jan 21 15:46 locate.database
> -rw-r--r--   1 root    wheel    0 Jun  9 14:01 mountdtab
> lrwxr-xr-x   1 root    wheel   11 Jun  9 14:47 pkg -> /shared/pkg
> root at tak / # ll shared private
> private:
> total 3
> drwxr-xr-x   3 root  wheel  512 Jun  9 14:37 .
> drwxr-xr-x  13 root  wheel  512 Jun  9 14:38 ..
> drwxr-xr-x   2 root  wheel  512 Jun  9 14:27 etc
>
> shared:
> total 7
> drwxr-xr-x   6 root  wheel   512 Jun  9 14:47 .
> drwxr-xr-x  13 root  wheel   512 Jun  9 14:38 ..
> drwxr-xr-x   2 root  wheel  1024 Jun  9 14:26 bin
> drwxr-xr-x   2 root  wheel   512 Jun  9 14:47 pkg
> drwxr-xr-x   2 root  wheel  2048 Jun  9 14:26 sbin
> drwxr-xr-x  14 root  wheel   512 Jun  9 14:26 usr

I think this will work, but it seems kind of messy. Am I missing a 
simpler way?

Thanks
Rob.